fukuops/k8s/argo-apps/authentik.yaml

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: authentik
  namespace: argocd
spec:
  destination:
    name: ''
    namespace: 'apps-fuku'
    server: "https://kubernetes.default.svc"
  sources:
    - chart: authentik
      repoURL: https://charts.goauthentik.io/
      targetRevision: 2024.2.*
      helm:
        valuesObject:
          authentik:
              secret_key: file:///authentik-creds/secret_key
              reporting_enabled: false
              email:
                host: mail.fukurokuju.dev
                port: 465
                password: file:///authentik-creds/email_password
                username: auth@fukurokuju.dev
                use_ssl: true
                timeout: 30
                from: auth@fukurokuju.dev
              postgresql:
                host: 192.168.1.3
                port: 55432
                name: auth
                user: file:///authentik-creds/pg_username
                password: file:///authentik-creds/pg_password
              redis:
                host: 192.168.1.3
                port: 30036
                password: file:///authentik-creds/redis_password
              error_reporting:
                enabled: true
          global:
            volumeMounts:
              - name: authentik-creds
                mountPath: /authentik-creds
              - name: media
                mountPath: /media
            volumes:
              - name: authentik-creds
                secret:
                  secretName: secrets-authentik
              - name: media
                persistentVolumeClaim:
                  claimName: pvc-authentik-media
          server:
            autoscaling:
              enabled: true
              minReplicas: 1
              maxReplicas: 3
            pdb:
              enabled: true
              minAvailable: 1
            service:
              type: LoadBalancer
              servicePortHttp: 9000
              servicePortHttps: 9443
            metrics:
              enabled: true
              service:
                type: LoadBalancer
              serviceMonitor:
                enabled: true
            ingress:
              enabled: true
              ingressClassName: traefik
              hosts:
                - auth.fukurokuju.dev
              tls: []
              https: true
          worker:
            autoscaling:
              enabled: true
              minReplicas: 2
              maxReplicas: 6
            pdb:
              enabled: true
              minAvailable: 2

    - repoURL: https://git.roboces.dev/catalin/fukuops.git
      path: k8s/services/authentik
      targetRevision: main
  project: fuku
  syncPolicy:
    automated: { }